Cisco TelePresence control software had remote-exploitable bug

Cisco's collaborationware is a mess: that WebEx bug also hit Firefox and IE

Cisco has turned up a packet fragmentation issue in its TelePresence Multipoint Control Unit software that opens up a denial-of-service and remote code execution vulnerability.

Announced here, the bug has been patched, but if you need time to install the fix, you can configure the TelePresence system to run in “transcoded” content mode instead of “passthrough” mode.

When reassembling fragmented packets – IPv4 and IPv6 – the software doesn't properly validate packet size. If an attacker sent a crafted packet to a port receiving content in Passthrough mode, it could overflow a buffer.
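The size validation that paragraph says is missing, sketched as a bounds-checked fragment reassembly routine. This is an added example, not Cisco's code: `struct reasm`, `reasm_add` and `REASM_MAX` are hypothetical names, and hole tracking and overlap handling are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REASM_MAX 65535u  /* upper bound on a reassembled datagram (no jumbograms) */

enum { FRAG_REJECT = -1, FRAG_OK = 0 };

struct reasm {                 /* hypothetical reassembly context */
    uint8_t  buf[REASM_MAX];
    uint32_t high;   /* highest end offset written so far */
    uint32_t total;  /* datagram length, set by the final fragment; 0 = unknown */
};

/* offset_units: 13-bit fragment offset field (8-byte units).
 * len: payload bytes in this fragment.  more: "more fragments" flag. */
int reasm_add(struct reasm *r, uint16_t offset_units,
              const uint8_t *data, size_t len, int more)
{
    uint32_t off = (uint32_t)(offset_units & 0x1FFFu) * 8u;

    if (len == 0 || len > REASM_MAX)
        return FRAG_REJECT;
    if (more && len % 8 != 0)      /* only the last fragment may be unaligned */
        return FRAG_REJECT;

    /* The size validation: off + len must fit in buf. Written as a
     * subtraction so the comparison itself cannot wrap. Offset 8191 with
     * 8 bytes would end at 65536, one past the buffer. */
    if (len > REASM_MAX - off)
        return FRAG_REJECT;
    uint32_t end = off + (uint32_t)len;

    /* Once the final fragment has fixed the length, nothing may exceed it
     * and no later "final" fragment may change it. */
    if (r->total != 0 && (end > r->total || (!more && end != r->total)))
        return FRAG_REJECT;
    if (!more) {
        if (end < r->high)
            return FRAG_REJECT;    /* data already stored beyond this "end" */
        r->total = end;
    }

    memcpy(r->buf + off, data, len);
    if (end > r->high)
        r->high = end;
    return FRAG_OK;
}
```

Every rejection path returns before the `memcpy`, so a fragment whose offset and length disagree with the buffer or with the declared datagram length never reaches the copy.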